This data security and privacy statement applies to all Utoolity Apps offered in the Atlassian Marketplace. It outlines the collection and processing of your data by us in general, for Cloud and Server Apps, as well as App specific details, if necessary.
For information specific to our web presence, refer to our Privacy Policy.
Customer Account Data
Once you license or subscribe to one of our products, Atlassian provides us with your license details, including the name and email address of your registered Atlassian contacts. Utoolity uses this data for accounting, security incident reporting, support, and customer enablement.
We do not have any access to your customer data beyond the information provided by Atlassian over the course of evaluating or purchasing our products.
Customer Support Data
As an active or potential customer, you may choose to register with our support systems (Jira Software, Jira Service Management, Confluence) in order to submit support requests or access non-public information. We will also register you in those instances if you choose to contact our support team per email. With such registration, we will store your email address, name (if given), and support details in our support systems running in the Atlassian Cloud. Should the support details contain personal data, we recommend anonymizing the data, if possible. If you wish for your personal information to be removed from the Utoolity support systems, please contact our privacy team.
All data provided to us in the context of a support request will only be used to analyze and solve your requests. Without your explicit consent or a legal basis, your personal data will not be shared with third parties.
Access to Customer Data
Only authorized Utoolity GmbH employees and subcontractors have access to customer data. Subcontractors are contractually bound to the same data security and privacy standards as our employees.
Third-party Service Providers
We use the follwing third-party service providers:
- Atlassian (Atlassian Pty Ltd)
Purpose: Support Management Services
Country: Australia
Atlassian Privacy Policy - AWS (Amazon Web Services, Inc.)
Purpose: Hosting and general IT Services
Country: USA
AWS Privacy Notice - Blue Gecko (Blue Gecko Marketing GmbH)
Purpose: Marketing, Design, and Customer Success
Country: Germany
Blue Gecko Privacy Policy - GANDI (GANDI SAS)
Purpose: Domain and Email Services
Country: France
Gandi Website - Twilio (Twilio Inc.)
Purpose: Communication Services
Country: USA
Twilio Privacy Statement
Security Vulnerabilities
We constantly strive to keep our products and data secure. If you detect/suspect any security vulnerability, contact our security team, and we will work on a solution for the issue immediately.
Security Bug Fix Policy
We follow the Security Bug Fix Policy For Marketplace Apps, which details the remediation due dates based on a mapping of vulnerability CVSS scores to severity and timeframe to resolution.
Security Incident Management
We follow the Security Incident Management Guidelines For Marketplace Partners, which details the process to investigate, communicate, contain, remediate, and prevent security incidents.
Vulnerability Disclosure Program
The Marketplace Vulnerability Disclosure Program provides customers and security researchers the opportunity to report vulnerabilities to Atlassian, who will then triage and report applicable vulnerabilities back to us to remediate.
Cloud Apps
Our apps for Atlassian Cloud products are developed according to the principle of "Datensparsamkeit" ("data minimization"). We strive to only collect or transmit data that is necessary for the app's operation. If the app requires data storage, our first choice is to use the native Atlassian Cloud product storage, which is subject to the Atlassian security practices. Our apps will not store any data outside of the Atlassian Cloud product, except if otherwise noted below.
Exceptions for all Cloud Apps:
- Installation metadata – if technically required, metadata provided by the Atlassian Cloud platform will be stored in app specific storage external to the Atlassian Cloud
- Performance caches – where applicable, data can be cached temporarily for performance reasons
Exceptions for specific Cloud Apps:
- There are no app specific exceptions at this point
Data Center and Server Apps
Our apps for Atlassian Server and Data Center products store all data exclusively within your customer-managed systems. They do not collect or transmit any data to us, except for the embedded support widgets, which will do so only if you use them to raise a support request – see section Customer Support Data for details.
Contact Us
Your information is controlled by Utoolity GmbH. If you have questions or concerns about how your data is handled, please direct your inquiry to:
Utoolity GmbH
Mittelgasse 5
35457 Lollar
Phone: +49 6406 7750741
Email: privacy@utoolity.net
Internet: utoolity.net
Revisions to this Statement
Utoolity may update, modify or amend (together, "revise") this statement as our portfolio evolves, including any referenced policies and other documents. We keep a version history of these changes.
(Effective as of August 2nd 2023)